[strongSwan] Certificates in cacerts directory

Daniel Mentz danielml+mailinglists.strongswan at sent.com
Fri Mar 5 16:58:50 CET 2010

>> If rightca is specified then we only request certificates issued by rightca.
>> Otherwise we send certificate requests for all CAs contained in /etc/ipsec.d/cacerts/
> If "rightca=" is specified, then it is required that a certificate matching the specified
> DN to be present locally in "/etc/ipsec.d/cacerts/" ?

I guess yes. I mean strongSwan has to read the certificate from somewhere.
You could also create a ca section as described at


if you want to store the certificate in a non-default location.


More information about the Users mailing list